Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1091
Views
0
Helpful
5
Replies

PAT and an ACL

m.matteson
Level 2
Level 2

‎08-26-2003 05:46 PM - edited ‎03-02-2019 09:54 AM

I was wondering about something today, I have NAT setup on my router between two ethernet interfaces, outside is e0/0 and inside is e0/1, the internet is coming in on e0/0. now lets say that i block a bunch of ports with an acl applied to e0/0 inbound, for example port numbers 7777 and 7778, if pat translates internal streams to the external interface using either one of the ports blocked...what happens? it won't work? time out? do i have to configure a lower timeout level? etc. also what port range does PAT use? above 1023? thanks for your response!!

mike

Labels:
0 Helpful
5 Replies 5

sachinraja
Level 9
Level 9

‎08-29-2003 04:11 AM

Yes, PAT uses port nos from 1023 to 65536.

Why do you want to use the same access-list nos for both filtering and for PAT? In this case, PAT will not happen on the specified ports (destination port) due to the deny in the access-list.

Cheers!

0 Helpful

m.matteson
Level 2
Level 2
In response to sachinraja

‎08-29-2003 05:05 AM

its not that i want to more of a what would happen question. would pat detect that the acl is blocked a port it is trying to pat on? or will it just pat and then that translatino will not work? thanks

0 Helpful

solaris1975
Level 1
Level 1
In response to sachinraja

‎09-03-2003 09:38 PM

Hi Dear

My name is sukrut and I am trying to use NAT SO that I no need to assign public IP to the my Server for access from remote location.

We are using cisco 3600 Series Router at our central location I have tried to configure NAT on my central router but it not working as some application ports(Range from 1600 -> 3000) which we are not able to access from remote location after configuration of NAT.

Any help.

Best Regards

Sukrut

0 Helpful

rajesh444
Level 1
Level 1

‎08-29-2003 06:53 AM

Mike,

From my understanding, the ACL will process traffic first and therefore block packets for destination ports 7777 & 7778 before NAT can perform translation.

The following URL should help: [NAT order of operation] http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml

Regards,

Rajesh

0 Helpful

m.matteson
Level 2
Level 2
In response to rajesh444

‎09-01-2003 03:30 PM

Thanks for the link, that helped a lot and put my mind to rest. :)

0 Helpful
Customers Also Viewed These Support Documents